Need Help?

News and Events

Beginning in February 2015, the Chrome browser will require public logging of Extended Validation (EV) SSL certificates in Certificate Transparency (CT).

Certificate Transparency is an initiative created by Google to log, audit and monitor all public SSL Certificates. CT makes it possible to detect SSL certificates that have been mistakenly issued or maliciously acquired. For more information, see http://www.certificate-transparency.org/

EV certificates issued after January 1, 2015 that are not logged in CT will not receive the enhanced “green bar” in Chrome that shows the validated company information.

Certificate Transparency Requirements for Extended Validation SSL

Initially, Google’s CT requirements only apply to Extended Validation SSL. Domain Validated (DV) and Organisation Validated (OV) SSL are not currently logged, although Google may expand the CT requirements at a later date.

QuoVadis and other CAs will submit “whitelists” of existing EV SSL before January 1 to ensure their continuing EV treatment in Chrome. Chrome is the only browser requiring CT logging.

EV certificates issued after January 1 must provide proofs from a CT log server or they will not show the “green bar” in Chrome. A one year EV certificate requires two proofs, while a two year EV certificate requires at least three proofs.

Google itself is operating several CT logs for use by CAs. In addition, QuoVadis is participating in one of the first independent CT logs, ensuring that QuoVadis certificates are logged on diverse CT platforms.

QuoVadis CT-ready by Default

If you have an existing SHA256 QuoVadis EV SSL, you should not need to take any action. Your certificate will be whitelisted in CT and will continue to show the “green bar” in Chrome.

With the launch of QuoVadis Trust/Link Enterprise v3, by default all new QuoVadis EV SSL will include the required number of CT proofs embedded in the certificate.

As the internet-wide implementation of CT continues, QuoVadis intends to expand support in Trust/Link to allow customers to select, by policy, how their certificates are logged in CT. Options may include the current embedded proof as well as delivery of proofs via OCSP stapling or TLS extensions.

QuoVadis is the managed services company of WISeKey (WIHN listed on SIX Swiss Exchange). QuoVadis Trust/Link provides managed Public Key Infrastructure (PKI) including Digital Certificates for authentication, encryption, and digital signature; TLS/SSL Certificates for websites; and high-volume requirements such as IoT. QuoVadis sealsign provides software and cloud solutions for Electronic Signatures and time-stamping. QuoVadis is an EU and Swiss (ZertES) Qualified Trust Service Provider (TSP).